[MGNLSSO-271] SsoRedirectClient callback should not kick in for APP/global
Created: 25/Apr/23  Updated: 27/Apr/23  Resolved: 27/Apr/23

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: None
Fix Version/s: saas, 3.1.4

Type: Bug Priority: Neutral
Reporter: Evzen Fochr Assignee: Evzen Fochr
Resolution: Fixed Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: Not Specified Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Attachments: PNG File image-2023-04-26-10-21-26-285.png    
Sub-Tasks:
Key | Summary | Type | Status | Assignee
MGNLSSO-273 | Implementation | Technical task | Completed | Evzen Fochr
MGNLSSO-274 | Review | Technical task | Closed | Nguyen Phung Chi
MGNLSSO-275 | PiQA | Technical task | Closed | Nguyen Phung Chi
MGNLSSO-276 | Final QA | Technical task | Completed | Nguyen Phung Chi
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Epic Link: SSO maintenance
Sprint: AdminX 34
Story Points: 0.5
Team: AdminX
Work Started:
Approved:
Yes

 Description   

Steps to reproduce

The issue is reproducible on both DX-Core and SaaS environments; it might work when clicking the "Download asset" action in the Asset app.

  1. Log in to the Admincentral of the subscription
  2. Go to the Asset app and download one of the assets
  3. Copy the link address of the downloaded asset; it will look like this: https://author-izmvc9fam2ugb8r1.beta.de.magnolia-cloud.com/.magnolia/admincentral/APP/global/0/legacy/0/Screenshot+from+2023-04-25+12-54-10.png
  4. Log out from the subscription
  5. Enter the asset download link above into the browser
  6. Go through the login screen normally
  7. The asset cannot be downloaded; an error page is shown instead

25-Apr-2023 04:15:45.156 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [default] in context with path [] threw exception
        java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
                at org.apache.catalina.connector.ResponseFacade.checkCommitted(ResponseFacade.java:530)
                at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:371)
                at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:127)
                at info.magnolia.cms.security.SecurityCallbackFilter$StatusSniffingResponseWrapper.sendRedirect(SecurityCallbackFilter.java:169)
                at info.magnolia.cms.security.auth.callback.RedirectClientCallback.handle(RedirectClientCallback.java:104)
                at info.magnolia.cms.security.SecurityCallbackFilter.selectAndHandleCallback(SecurityCallbackFilter.java:105)
                at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:86)
                at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94)
                at info.magnolia.sso.SsoLogoutFilter.doFilter(SsoLogoutFilter.java:47)
                at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:83)
                at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                at info.magnolia.sso.SsoLoginFilter.lambda$doFilter$1(SsoLoginFilter.java:99)
                at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:141)
                at info.magnolia.sso.SsoLoginFilter.doFilter(SsoLoginFilter.java:79)
                at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:74)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:75)
                at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                at info.magnolia.cms.filters.UnicodeNormalizationFilter.doFilter(UnicodeNormalizationFilter.java:89)
                at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155)
                at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                at info.magnolia.fastly.filter.FastlySurrogateFilter.doFilter(FastlySurrogateFilter.java:55)
                at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                at info.magnolia.config.source.contextual.filter.EnvironmentContextFilter.doFilter(EnvironmentContextFilter.java:76)
                at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
                at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:75)
                at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
                at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
                at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:110)
                at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:96)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
                at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:768)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389)
                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)
                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
                at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
                at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                at java.base/java.lang.Thread.run(Thread.java:829) 

Proposed solution

Filter out the request in https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/browse/magnolia-sso/src/main/java/info/magnolia/sso/pac4j/RedirectHelper.java#18,21 by adding "APP/global" to the check that identifies a Vaadin request.
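
A sketch of the kind of path check the proposed solution describes, added here as an example; it is not the code in RedirectHelper.java, which is not shown on this page. The class and method names are hypothetical, and the Vaadin endpoint markers other than "APP/global" are assumptions about what such a check would cover.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added illustration; NOT Magnolia's RedirectHelper. All names are hypothetical.
// Only "APP/global" comes from the ticket; UIDL/HEARTBEAT/PUSH are Vaadin's
// standard endpoint path names and are assumed to belong in the same check.
public final class CallbackPathGuard {

    private static final List<List<String>> FRAMEWORK_MARKERS = List.of(
            List.of("UIDL"), List.of("HEARTBEAT"), List.of("PUSH"),
            List.of("APP", "global"));

    private CallbackPathGuard() {}

    // True when the login redirect callback should not handle the request.
    // This only gates the redirect; access to the resource itself must still
    // be enforced by the regular security filters.
    public static boolean isFrameworkRequest(String requestUri) {
        // Match on the path only, so a marker inside a query string is ignored.
        int q = requestUri.indexOf('?');
        String path = q >= 0 ? requestUri.substring(0, q) : requestUri;
        // Compare whole segments (not substrings) and drop path parameters
        // such as ";jsessionid=..." from each segment.
        List<String> segments = new ArrayList<>();
        for (String s : path.split("/")) {
            int p = s.indexOf(';');
            segments.add(p >= 0 ? s.substring(0, p) : s);
        }
        for (List<String> marker : FRAMEWORK_MARKERS) {
            if (Collections.indexOfSubList(segments, marker) >= 0) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample URIs; the first follows the shape of the ticket's link.
        String[] samples = {
            "/.magnolia/admincentral/APP/global/0/legacy/0/Screenshot.png",
            "/.magnolia/admincentral/UIDL/;jsessionid=ABC",
            "/.magnolia/admincentral",
            "/.magnolia/admincentral?next=/APP/global/0",
            "/docs/APPX/global/readme"
        };
        for (String uri : samples) {
            System.out.printf("%-62s skipCallback=%b%n", uri, isFrameworkRequest(uri));
        }
    }
}
```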


Generated at Mon Feb 12 10:52:41 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.